From 0047e5d83c311aabbfff7d919529a60064b6fc76 Mon Sep 17 00:00:00 2001 From: Nathan Woodburn Date: Thu, 8 Jun 2023 20:52:16 +1000 Subject: [PATCH] README: Added instructions to gain root access on kali.boysbrigade.au server - Added tutorial for gaining root access on the kali.boysbrigade.au server. - Included a new file H1.md with instructions on how to change shell using su command. - Renamed README.md to OPTIONAL-keylogger.md and updated its content to reflect the changes in task description. --- H1.md | 4 +++ OPTIONAL-keylogger.md | 47 ++++++++++++++++++++++++++++++++ README.md | 63 +++++++++++++++---------------------------- 3 files changed, 73 insertions(+), 41 deletions(-) create mode 100644 H1.md create mode 100644 OPTIONAL-keylogger.md diff --git a/H1.md b/H1.md new file mode 100644 index 0000000..ed8fa51 --- /dev/null +++ b/H1.md @@ -0,0 +1,4 @@ +You can use the `su --help` command to see how to use it. +Look for any option to change shell. + +The command to use is `su bob -s /bin/bash` \ No newline at end of file diff --git a/OPTIONAL-keylogger.md b/OPTIONAL-keylogger.md new file mode 100644 index 0000000..f4a9888 --- /dev/null +++ b/OPTIONAL-keylogger.md 
@@ -0,0 +1,47 @@ +# OPTIONAL BB-Pen-2 + +The task this week is to create a simple keylogger that will log all the keys pressed on the keyboard and save them to a file. +The program should run in the background and not be visible to the user. + +## Requirements +- Access to the kali.boysbrigade.au server (or another linux machine) (This will be provided) + +## Instructions +1. SSH into the server using the provided credentials following the instructions from last week. +2. Create a new directory for your project and navigate into it. (Put your name in the directory name to avoid conflicts between other members) +3. In that directory create a new executable file to run the keylogger. +4. Write a script (file that ends in .sh) that will log all the keys pressed on the keyboard and save them to a file. +5. Try to make the keylogger look like it is not running (Hint: show the user a fake command prompt) + +## Running the keylogger +```sh +# Run normally +./keylogger.sh +# Run so that it will close the SSH session when you close the logger +exec ./keylogger.sh +``` + +## Hints +1. Infinite loop: + ```sh + while true + do + # Your code here + # Will run forever + done + ``` +2. Get an input from the user: + ```sh + read -p "Enter something: " input + echo "You inputed $input" + ``` +3. Get the message of the day (Screen that appears when you login): + ```sh + cat /etc/motd + ``` +4. Run a variable as a command: + ```sh + command="ls" + $command + # This will run the 'ls' command + ``` \ No newline at end of file diff --git a/README.md b/README.md index 41a86d7..39a0444 100644 --- a/README.md +++ b/README.md 
@@ -1,47 +1,28 @@ # BB-Pen-2 -The task this week is to create a simple keylogger that will log all the keys pressed on the keyboard and save them to a file. -The program should run in the background and not be visible to the user. +The task this week is to get root access on the kali.boysbrigade.au server. +You have been given a user account on the server (from BB-Pen-1). +Use this account to gain access to the admin account. -## Requirements -- Access to the kali.boysbrigade.au server (or another linux machine) (This will be provided) +## Tutorial +1. Login as `bob` (password in seconduser.pass from `gituser`). +2. See if you can change directory to test +You probably get this message`-rbash: cd: restricted`. +This means that you are in a restricted shell. Try to login to a normal shell (`/bin/bash`). +Hint `su` is the command to switch user (switch to yourself). +Need help? Look in [H1.md](H1.md) for help. -## Instructions -1. SSH into the server using the provided credentials following the instructions from last week. -2. Create a new directory for your project and navigate into it. (Put your name in the directory name to avoid conflicts between other members) -3. In that directory create a new executable file to run the keylogger. -4. Write a script (file that ends in .sh) that will log all the keys pressed on the keyboard and save them to a file. -5. Try to make the keylogger look like it is not running (Hint: show the user a fake command prompt) +3. Once you have a normal shell, try to change directory to test again. +If you are able to change directory, go back to the home directory (just run `cd`). -## Running the keylogger -```sh -# Run normally -./keylogger.sh -# Run so that it will close the SSH session when you close the logger -exec ./keylogger.sh +4. One of the best ways to get root access is to find a program that is running as root, and exploit it. +Run `cat /etc/crontab` to see all the commands that are run on a schedule by the admin. 
+Notice anything you can exploit? + +5. If you found something, try to exploit it. +Something you can try is running this to add yourself to the sudo (admin) group. +```bash +echo 'bob ALL=(ALL:ALL) ALL' >> /etc/sudoers ``` - -## Hints -1. Infinite loop: - ```sh - while true - do - # Your code here - # Will run forever - done - ``` -2. Get an input from the user: - ```sh - read -p "Enter something: " input - echo "You inputed $input" - ``` -3. Get the message of the day (Screen that appears when you login): - ```sh - cat /etc/motd - ``` -4. Run a variable as a command: - ```sh - command="ls" - $command - # This will run the 'ls' command - ``` \ No newline at end of file +See if you are able to run `sudo whoami`. This should print `root` if you have admin access. +(You might need to wait a minute for the cron job to run)
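Review bot: H1.md prints the full answer (`su bob -s /bin/bash`) two lines below the hint that asks the reader to find the option in `su --help`, so anyone who opens the file for the hint also sees the solution. Consider splitting the hint and the answer into separate files, and adding one sentence that says what `-s` does. The file also ends without a trailing newline.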
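Review bot: In OPTIONAL-keylogger.md the introduction promises a program that logs "all the keys pressed on the keyboard" and runs "in the background", but the Instructions and Hints describe a foreground script, started with `./keylogger.sh` or `exec ./keylogger.sh`, that reads lines with `read` at a fake prompt inside one SSH session. Reword the introduction so it describes what the exercise builds. Hint 2 uses `read -p`, which is a bash extension, while the fences are tagged `sh` and step 4 asks for a `.sh` file, so the page should state which shell the script is meant for. "inputed" should be "inputted", and the file has no trailing newline.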
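Review bot: In step 5 of README.md the text says the command adds you "to the sudo (admin) group", but `echo 'bob ALL=(ALL:ALL) ALL' >> /etc/sudoers` appends a sudoers rule for `bob` and changes no group membership, so the sentence should say that. The tutorial has every member log in as `bob` and the line is appended with `>>`, so each run adds another copy to the server's `/etc/sudoers`; the README should say how the file is reset between members. Since steps 4 and 5 stop at "Notice anything you can exploit?", a closing step that names the misconfiguration found in `/etc/crontab` and how an administrator would correct it would complete the lesson. On formatting: the continuation lines under steps 2 to 5 and the `bash` fence are not indented under their list items, which can break the numbered list when rendered; "this message`-rbash: cd: restricted`" is missing a space before the backtick; and step 2's first line has no full stop.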